The Security Scanner Was the Attack Vector — How Supply Chain Attacks Hit AI Agents Differently

Trivy got compromised. LiteLLM got trojaned. Claude Code installed it autonomously. The agent supply chain is not the software supply chain — it's worse.